VPN Network connections from Store apps running on Connected Standby devices are very slow

The title says it all: when you make a network connection from your Windows Store app to a resource residing in your Virtual Private Network (VPN) using a device which supports Connected Standby (also known as Always On/Always Connected [AOAC]), the connection may be very slow. 

A network trace of a Windows Store app connecting to a resource residing inside the VPN will show an initial connection that goes out through the external network adapter, trying to get to the internal address but eventually failing.  After the failure, there is a retry which then goes through the VPN and succeeds.  The wait for failover is the cause of the latency, but the real problem is that it tries to connect via the external adapter. This issue only occurs with Windows Store apps.

The root cause of the problem is that devices which support Connected Standby try to use the AOAC-enabled adapter first for Store apps, in every case.  A machine which is presently using AOAC and VPN will have at least two listed network adapters - at least one that performs the actual network connectivity operations (sending packets back and forth over the wire/wifi), and the VPN connection to the remote destination.  There may be others, and they may also be negatively affected by this issue. 

The problem is that the Store app always tries to first connect to a resource inside the VPN via the AOAC adapter, which will fail.  Only after the failure occurs will the retry happen.  In a default-configured network, the failure takes approximately 21 seconds: 

  • The first attempt at SYN, then timeout after 3 seconds. 
  • The second attempt, then timeout after 6 seconds. 
  • The third and final attempt, timeout at 12 seconds.  3+6+12 = 21 seconds until the connection is aborted.
  • The VPN adapter is then tried, and it takes that time as well to get connected.

An interesting thing about AOAC is that it does not work if HyperV is enabled on the machine, and that's how we can resolve this problem. Unfortunately, because there is no way to explicitly disable AOAC on a network adapter, you can enable HyperV which will disable AOAC and prevent the problem from occurring.  More information here: http://answers.microsoft.com/en-us/surface/wiki/surfpro3-surfnetwork/work-around-for-surface-pro-3-issue-where/bd7c8bde-439b-45d6-8d9d-2776913e45e9

Steps to turn on Hyper-V:

1. Open an administrative command prompt and type:

bcdedit /set hypervisorlaunchtype auto

2. Restart your device

After restarting, Hyper-V will again be active (and Connected Standby will no longer function). 

We've seen this issue reported with Surface Pro 3 since Connected Standby is default on that device.  You also may find that this issue goes away after installing Visual Studio 2013.  That's because Phone emulators are installed into HyperV, at which time HyperV is enabled, which causes AOAC to be disabled. Also, there is an active bug on this issue with the Windows Networking development team at the time of this blog post.  We expect that this should be resolved in Windows 10.

Don’t forget to follow the Windows Store Developer Solutions team on Twitter @wsdevsol. Comments are welcome, both below and on twitter.